Skip to content

Netanol Setup Challenges

Jump to bottom
m4lm edited this page Mar 4, 2024 · 1 revision

Netanol Operation Setup

This section of the Wiki aims to provide guidance and solutions for potential difficulties encountered during the setup of the application.

Incorrect Flow Exporter Configuration

The primary objective of Netanol is to visualize received data. Hence, ensuring proper configuration on both the sending and receiving ends is crucial.

Exporting Side Configuration

Netanol supports flow protocols such as Netflow v5, v9, IPFIX, and sFlow. Cisco devices, which support both Netflow and IPFIX, have been tested for compatibility. Below is a guide on setting up an exporter correctly on a Cisco device:

Setting up Exporter on Cisco Device

Regardless of the exported data type, the critical step is to accurately configure the flow collector's IP address. For most devices, the following command suffices, though it may vary:

ip flow-export destination <collector_IP_address> <collector_port>

This ensures that exporters send flow data to the correct destination.

Receiving Side Configuration

Once exporters are configured to provide accurate data, ensuring the same for Fennec is imperative. This configuration is performed in the appsettings.json file. The structure within the file is as follows:

"_Multiplexers": "Define ports and protocols for listening.",
  "Multiplexers": [
    {
      "_Enabled": "Enable or disable this multiplexer.",
      "Enabled": true,
      "_Name": "Name used for identification during logging.",
      "Name": "Netflow-9 Multiplexer",
      "_ListeningPort": "Port number for this multiplexer.",
      "ListeningPort": "Replace with port number",
      "_Parsers": "Parsers used to parse incoming packets.",
      "Parsers": [ "Netflow9" ]
    },
    {
      "Enabled": true,
      "Name": "Ipfix Multiplexer",
      "ListeningPort": "Replace with port number",
      "Parsers": [ "Ipfix" ]
    }
  ],

This .json structure corresponds to the overall multiplexer design. You can define active ports and enable parsers for each port. In the Parsers field, ensure that the values match the ProtocolVersion enum naming precisely; otherwise, the parser for the specified protocol will not be registered.

public enum ProtocolVersion
{
    NetFlow9,
    Ipfix,
    NetFlow5,
    Unknown
}

Example

  • Exporting IPFIX data to port 2055 without running an IPFIX parser on port 2055 will result in no visualization.
  • Exporting Netflow v9 data to port 2057 and running a Netflow v9 parser on port 2057 will ensure visualization of data.
Clone this wiki locally